H3C设备ipsec_l2tp_nat实验手册

H3C设备ipsec_l2tp_nat实验手册

组网：内网--SECPATH F100-C防火墙---SECPATH F100-S防火墙--PC机（安装INODE客户端），PC机要采用IPSEC+L2TP的方式拨到F100-C防火墙上，访问内网资源。

<A>dis cu
#
sysname A
#
super password level 3 cipher I!]2">*=$'T=[[6AH];";Q!!
#
l2tp enable
#
ike local-name server
#
firewall packet-filter enable
firewall packet-filter default permit
#
firewall statistic system enable
#
radius scheme system
server-type huawei
#
domain system
ip pool 0 192.168.128.1 192.168.128.253
#
local-user l2tp
password simple l2tp
service-type ppp
#
ike peer qzrb                             
exchange-mode aggressive
pre-shared-key quidway
id-type name
remote-name client
nat traversal
#
ipsec proposal qzrb
#
ipsec policy-template temp 1
ike-peer qzrb
proposal qzrb
#
ipsec policy qzrb 1 isakmp template temp
#
acl number 2002
rule 0 permit source 192.168.245.0 0.0.0.255
#
interface Virtual-Template0
ppp authentication-mode pap
ip address 192.168.128.254 255.255.255.0
remote address pool
#
interface Aux0
async mode flow                          
#
interface GigabitEthernet0/0
duplex full
ip address 61.130.55.82 255.255.255.248
nat outbound 2002
ipsec policy qzrb
#
interface GigabitEthernet0/1
speed 1000
duplex full
ip address 192.168.254.1 255.255.255.252
#
interface Encrypt2/0
#
interface NULL0
#
interface LoopBack0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface GigabitEthernet0/1
add interface Virtual-Template0         
set priority 85
#
firewall zone untrust
add interface GigabitEthernet0/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1
undo tunnel authentication
mandatory-lcp                           
allow l2tp virtual-template 0
#
ip route-static 0.0.0.0 0.0.0.0 61.130.55.81 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 1
protocol inbound telnet
#
return
<A>
<B>dis cu
#
sysname B
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type huawei
#
domain system
#
acl number 2002
rule 0 permit source 192.168.245.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 61.130.55.81 255.255.255.248
nat outbound 2002
#                                         
interface Ethernet0/1
ip address 192.168.254.2 255.255.255.252
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet1/0
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/1
set priority 85
#
firewall zone untrust
add interface Ethernet0/0               
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 61.130.55.82 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return                                    
<B>

游客，如果您要查看本帖隐藏内容请回复

你知道么? 加思科华为网络技术讨论群2258097 然后私聊群主 可以领取100论坛金币

学一下，顶顶顶顶顶顶顶顶顶顶顶顶顶

感谢楼主 感谢攻城狮论坛 每天签到得积分(连续签到金币翻倍) 希望越办越好

你知道么? 通过论坛客服报名CCNA,CCNP,CCIE 最高可省2000元培训费. 联系QQ 80766391

ddddddddddddddd

最新思科ccna(200-125)考试认证题库在这里下载 2016年最新更新http://bbs.vlan5.com/thread-15970-1-1.html

最新思科ccna(200-125)考试认证题库在这里下载 2016年最新更新http://bbs.vlan5.com/thread-15970-1-1.html

金币不够用?来这里看看吧~~10种方法轻松拿金币~~~ http://bbs.vlan5.com/thread-9184-1-1.html